METHOD OF MALWARE DETECTION AND SYSTEM THEREOF
Abstract
There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.
41 Claims
1. A computer-implemented method of detecting malware in real time in a live environment, the method comprising:
- monitoring one or more operations of at least one program concurrently running in the live environment;
- building at least one stateful model in accordance with the one or more operations;
- analyzing the at least one stateful model to identify one or more behaviors; and
- determining the presence of malware based on the identified one or more behaviors.
Dependent claims: 2 to 30.
31. A system for detecting malware in real time in a live environment, the system comprising a processor configured to perform at least the following:
- monitor one or more operations of at least one program concurrently running in the live environment;
- build at least one stateful model in accordance with the one or more operations;
- analyze the at least one stateful model to identify one or more behaviors; and
- determine the presence of malware based on the identified one or more behaviors.
Dependent claims: 32 to 40.
41. A non-transitory program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for detecting malware in real time in a live environment, the method comprising:
- monitoring one or more operations of at least one program concurrently running in the live environment;
- building at least one stateful model in accordance with the one or more operations;
- analyzing the at least one stateful model to identify one or more behaviors; and
- determining the presence of malware based on the identified one or more behaviors.
Specification